• Journal of Korea Multimedia Society
• /
• v.18 no.12
• /
• pp.1483-1491
• /
• 2015

Applications of Internet of Things (IoT) supply various conveniences, however unsolved security problems such as personal privacy, data manipulation cause harm to persons, even nations and an limit the applicable areas of Internet of IoT technology. Therefore, study about secure and efficient security system on IoT are required. This paper proposes ID-based remote user authentication scheme in IoT environments. Proposed scheme provides untraceability of users by using different pseudonym identities in every session and reduces the number of variables. Our proposal is secure against inside attack, smart card loss attack, user impersonation attack, server masquerading attack, online/offline password guessing attack, and so on. Therefore, this can be applied to the lightweight IoT environments.

• Proceedings of the IEEK Conference
• /
• 2000.07b
• /
• pp.961-964
• /
• 2000

With the advance of wireless communications technology, mobile communications has become more convenient than ever. However because of the openness of wireless communications, how to protect the privacy between communicating parties is becoming a very important issue. In this paper an authentication and encryption algorithm of the GSM network for roaming user is proposed. In the proposed algorithms, we use a new hash function for user authentication and LFSR (Linear Feedback Shift Register) based stream cipher for message encryption and decryption. Each algorithm is programmed with C language and simulated on IBM-PC system and we analyze the randomness properties of the developed algorithm using statistical analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.383-395
• /
• 2017

Brainwave-based user authentication technology has advantages such as changeability, shoulder-surfing resistance, and etc. comparing with conventional biometric authentications, fingerprint recognition for instance which are widely used for smart phone and finance user authentication. Despite these advantages, brainwave-based authentication technology has not been used in practice because of the price for EEG (electroencephalography) collecting devices and inconvenience to use those devices. However, according to the development of simple and convenient EEG collecting devices which are portable and communicative by the recent advances in hardware technology, relevant researches have been actively performed. However, according to the experiment based on EEG samples collected by using a single-channel EEG measurement device which is the most simplified one, the authentication accuracy decreases as the number of channels to measure and collect EEG decreases. Therefore, in this paper, we analyze technical problems that need to be solved for practical use of brainwave-based use authentication and propose an incremental elimination method of collected EEG samples for each user to consist a set of EEG samples which are effective to authentication users.

• Journal of Digital Contents Society
• /
• v.9 no.1
• /
• pp.125-130
• /
• 2008

User web service is increasing by development of internet technology. Quantity of encrypted data that transmitted through the network are increasing by development of encipherment technology. We have many problems; it is caused by technical development and service increase of user requests. It is like that, we have reliability of contents and illegality copy problem of internet contents in web application system. It is contents protection skills in web that encipherment technology, authentication and digital signature. We need message encoding and secret key for solve vulnerability of encipherment in web application system. In this paper, we propose a distributed secure system that can data confidentiality and user authentication. It prevent performance degradation from bottle neck in encipherment server, and improve service quality.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.904-919
• /
• 2019

Many security systems rely solely on solutions based on Artificial Intelligence, which are weak in nature. These security solutions can be easily manipulated by malicious users who can gain unlawful access. Some security systems suggest using fingerprint-based solutions, but they can be easily deceived by copying fingerprints with clay. Image-based security is undoubtedly easy to manipulate, but it is also a solution that does not require any special training on the part of the user. In this paper, we propose a multi-factor security framework that operates in a three-step process to authenticate the user. The motivation of the research lies in utilizing commonly available and inexpensive devices such as onsite CCTV cameras and smartphone camera and providing fully secure user authentication. We have used technologies such as Argon2 for hashing image features and physically unclonable identification for secure device-server communication. We also discuss the methodological workflow of the proposed multi-factor authentication framework. In addition, we present the service scenario of the proposed model. Finally, we analyze qualitatively the proposed model and compare it with state-of-the-art methods to evaluate the usability of the model in real-world applications.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.2
• /
• pp.452-458
• /
• 2021

The value and importance of personal information are increasing due to the increasing number of fields where the Internet environment and computing environment are used, and user authentication technology is also changing. Until now, accredited certificates, which are mainly used in the financial sector, are being replaced with biometric authentication technology due to the problem of revocation. However, another problem is that biometric information cannot be modified once it is leaked. Recently, with the advent of blockchain technology, research on user authentication methods has actively progressed. In this paper, both public certificate and blockchain-based user authentication can be used without system change, and a new DID issuance and reissuance method that can replace the resident registration number is presented. The proposed system can be used without restrictions in a blockchain. However, the currently used DID requires installation of an application at the Interworking Support Center for verification. Since a DID can be authenticated without registering as a member, indiscriminate information collection can be prevented. Security, convenience, and determinism are compared with the existing system, and excellence is proven based on various attack methods, its portability, and proxy use.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.49-57
• /
• 2008

User authentication and key agreement are very important components to provide secure home network service. Although the TTA adopted the EEAP-PW protocol as a user authentication and key transmission standard, it has some problems including not to provide forward secrecy. This paper first provides an analysis of the problems in EEAP-PW and then proposes a new attribute-based authenticated key agreement protocol, denoted by EEAP-AK. to solve the problems. The proposed protocol supports the different level of security by diversifying network accessibility for the user attribute after the user attribute-based authentication and key agreement protocol steps. It efficiently solves the security problems in the EEAP-PW and we could support more secure home network service than the EEAP-AK.

• Journal of information and communication convergence engineering
• /
• v.22 no.3
• /
• pp.199-206
• /
• 2024

The network security of Plug-and-Charge (PnC) technology in electric vehicle charging systems is typically achieved through the well-known Transport Layer Security (TLS) protocol, which causes high communication overhead. To reduce this overhead, a differential authentication method employing different schemes for individual users has been proposed. However, decisions use a simple threshold approach and no quantitative performance evaluation should be made. In this study, we determined each user's trust using several machine learning algorithms with their charging patterns and compared them. The experimental results reveal that the proposed approach outperforms the conventional approach by 41.36% in terms of round-trip time efficiency, demonstrating its effectiveness in reducing the TLS overhead. In addition, we show the simulation results for three user authentication methods and capture the performance variations under CPU busy waiting scenarios.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.21-31
• /
• 2008

Ubiquitous environment is constructed by development of an IT technology, offer environment of many service changed to mobile environment. Also, existed service offered at fixed position like home or company, but according to development of mobile device. user require service as moving. Wibro can offer as user moving using mobile device. As requirement should be included authentication, in case of authentication between UICC and AAA authentication server is offered in Wibro, service is available. However, when UICC requires initial authentication to AAA authentication server, identification information of UICC expose as plaintext, so privacy infringement of mobile device occurs. Therefore, identification information of terminal generate randomly using OTP(One-Time Password) that generated in mobile terminal, and we proposed mechanism of privacy protection. Also, we proposed mechanism that offer secure service to user as offer authentication from OTP framework, and offer OTP combination authentication detailedly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.631-646
• /
• 2020

The government is pursuing a policy to remove plug-ins for public and private websites to create a convenient Internet environment for users. In general, financial institution websites that provide financial services, such as banks and credit card companies, operate fraud detection system(FDS) to enhance the stability of electronic financial transactions. At this time, the installation software is used to collect and analyze the user's information. Therefore, there is a need for an alternative technology and policy that can collect user's information without installing software according to the no-plug-in policy. This paper introduces the device fingerprinting that can be used in the standard web environment and suggests a guideline to select from various techniques. We also propose a user authentication model using device fingerprints based on machine learning. In addition, we actually collected device fingerprints from Chrome and Explorer users to create a machine learning algorithm based Multi-class authentication model. As a result, the Chrome-based Authentication model showed about 85%~89% perfotmance, the Explorer-based Authentication model showed about 93%~97% performance.